
FIG. 1 



COMPUTER 



.32 



40 



MEMORY 




SECONDARY 


APPLICATION 






STORAGE 


34 X y3 6 
r 






INPUT 






PROCESSOR 


DEVICE 












DISPLAY 






OUTPUT 


DEVICE 




DEVICE 



30 




FIG. 2 




FIG. 3A 



24 



Z 



SECOND 
DOMAIN 




SECURITY 
SERVICES 



T 



26 



SECURE TOKEN 



USER 
AGENT 



J. 



USER 
SYSTEM 

USER 



14 



Y 



12 



FIG. 3B 



24 



SECOND 
DOMAIN 




SECURE TOKEN USED TO 
MAINTAIN USER SESSION 
AND/OR GET REQUESTED 
RESOURCE 



,18 



FIRST 
DOMAIN 



SECURITY 
SERVICES 



26 




FIG. 3C 



STEP 1 



STEP 2 



STEP 9 



/usi 



USER SESSION WITH 
SECOND DOMAIN 




50 



USER REQUEST 



y 



52 




No 


> 


REDIRECT USER TO 
FIRST DOMAIN 

' A 66 












58 




HTTPST y 






>^USER>v 


. Yes 




SESSION \ 



56 



STEP 3 



OPTIONALLY TEST IF 
LAST USE OF SECURE 
TOKEN WITHIN WINDOW 




62 



No 



USER' 
. , SESSION 
HTTP OR 
JHTTPS?> 



HTTPS 



HTTP. 



CLARIFY 
SECURE TOKEN 



70 



USE SECURE TOKEN TO 
MAINTAIN USER 
SESSION WITH FIRST DOMAIN 




USE SECURE TOKEN TO 
FULFILL USER REQUEST 



FIG. 4 



V HTTPS?> 



HTTP 




DISPLAY 
RESOURCE 




STEP 3 



REDIRECT USER 
TO FIRST DOMAIN 



FIRST DOMAIN 
CHECKS WHETHER 
USER LOGGED IN 




56 



100 



STEP 4 




USER TOKEN SET 
BY FIRST DOMAIN 



102 



No 



,112 



STEP 5 



FIRST DOMAIN 
AUTHENTICATES 
USER TOKEN 



STEP 7 




114 



110 



USER LOGIN AT 
FIRST DOMAIN 



104 



No 



116 



FIRST DOMAIN 
ENCRYPTS USER 
TOKEN AND SETS 
AS SECURE 

TOKEN VALUE 




HTTPS 



108 



STEP 6 



USER REDIRECTED 
TO LOGIN AT 
FIRST DOMAIN 



106 



118 



I 



SECURE TOKEN 
VALUE PUT IN 
RESPONSE 
HEADER 



120 



OUSER REQUEST 
REDIRECTED FROM 
FIRST DOMAIN TO 
SECOND DOMAIN 



STEP 8 







SECOND DOMAI 
TOKEN IN USER 

AND FURTHER O 
SECURE TOKEN 

VALUE IN THE US 


N PUTS SECURE 
HTTPS COOKIE 

BFUSCATES THE 
AND PUTS THIS 

ER HTTP COOKIE 



(Second domainN 
PROCESSES USER ) 
REQUEST J 



FIG. 5 



